What are Barracuda filter rules and how are custom rules created?
Michael Ko
Co-founder & CEO, Suped
Published 6 Jul 2025
Updated 16 Aug 2025
When managing email deliverability, especially for organizations using enterprise-level security solutions, it is crucial to understand how those solutions process incoming and outgoing messages. Barracuda Networks is a prominent provider of email security gateways and firewalls, and its filter rules play a significant role in determining whether an email reaches its intended recipient or is flagged as spam, malicious, or unwanted.
These rules are designed to protect users from a wide range of threats, including spam, viruses, phishing attempts, and other forms of email-borne attacks. While Barracuda maintains a continuously updated set of default rules, administrators also have the flexibility to create custom rules tailored to their specific organizational needs and policies.
Understanding the interplay between default and custom Barracuda filter rules is key to optimizing email flow and preventing legitimate messages from being inadvertently blocked or quarantined. It can be a complex area, especially when a third-party vendor is involved and there's a lack of transparency about the rules in place. Let's delve into what these rules are and how custom ones are typically established.
Barracuda filter rules are essentially a set of criteria and actions that the Barracuda Email Security Gateway (or other Barracuda products like their firewalls and web application firewalls) applies to email traffic. These rules evaluate various aspects of an email, such as its sender, recipient, subject line, content, attachments, and associated IP addresses, to determine its legitimacy and threat level. The goal is to filter out unwanted or dangerous emails before they reach an inbox.
The Barracuda spam filter, for example, identifies incoming mail from known spammers, catches spammy links, and finds hidden content. Many of these classifications are based on a vast, constantly updated database of known threats and patterns maintained by Barracuda Central. These predefined rules are automatically updated to provide protection against emerging threats.
While the core Barracuda rules are proprietary and continuously evolving, administrators typically see scores or classifications assigned to messages based on these rules. For instance, a rule might assign a specific spam score if certain keywords are detected or if the sending IP address is on a known email blocklist. The aggregate score then determines the action, such as quarantining the email or sending it to the junk folder. This is similar to how SpamAssassin rules function.
The distinction between Barracuda's default and custom rules
The distinction between Barracuda's default rules and custom rules can sometimes be a source of confusion, especially when dealing with external vendors or managed service providers. Barracuda ships its appliances and cloud services with a comprehensive set of predefined filter rules. These are designed to provide immediate, broad protection based on Barracuda's global threat intelligence.
Custom rules, on the other hand, are user-defined (or administrator-defined) rules that allow organizations to implement very specific filtering criteria unique to their environment. These rules can supplement or, in some cases, override the default Barracuda policies. For example, you might create a custom rule to explicitly allow emails from a specific partner domain or to block emails containing certain sensitive keywords that are not covered by the default content filters.
It's common for these custom rules to be labeled in a way that indicates their origin, such as "Custom Rule MJ019" or "Custom rule MV1123," often with a score associated with them. The challenge arises because while Barracuda provides the platform for these rules, the actual definitions for these specific custom rules are configured by the end-user organization or their managing vendor, not Barracuda directly. This is why a vendor might genuinely state that they don't have documentation for a "Barracuda custom rule," because it's a rule they themselves created within the Barracuda system.
Barracuda's default rules
Origin: Barracuda develops and maintains these rules based on global threat intelligence.
Updates: Automatic, frequent updates from Barracuda Central to counter new threats.
Visibility: Generally opaque, with rule names often being internal codes (e.g., BSF_ for Barracuda Spam Filter).
Purpose: Provide baseline protection against common spam, malware, and phishing attacks.
Custom rules
Origin: Defined by the organization's administrators or their IT/email security vendor.
Updates: Manual, as needed by the administering party.
Visibility: Configurable via the Barracuda appliance or cloud console, with identifiable names.
Purpose: Tailor filtering to specific business needs, compliance requirements (e.g., HIPAA), or to address unique threats.
How custom rules are created
Creating custom rules in a Barracuda environment typically involves accessing the administrative interface of the specific Barracuda product, such as the Email Security Gateway, CloudGen Firewall, or SecureEdge Manager. The process usually follows a logical flow of defining criteria and then specifying an action.
The exact steps and terminology can vary slightly between different Barracuda products and versions, but the core functionality remains consistent. For general rule creation, you would log in to the Barracuda Firewall Policy Manager or the relevant product interface, navigate to the rules section, and then add a new rule. This might involve creating custom categories or URL filter match objects that the rules can then reference.
Common criteria for custom rules include sender or recipient email addresses/domains, keywords or phrases in the subject or body, specific IP addresses (for blocking or allowing), and even attachment types. Once the criteria are defined, you set the action, such as blocking, quarantining, tagging, encrypting, or simply allowing the message to pass through. You can also assign a spam score to the rule, which contributes to the overall score of an email.
A key aspect of creating custom rules is understanding their order of precedence. Rules are typically processed in a top-down manner, meaning that the first rule an email matches will often dictate the action taken. This requires careful planning to ensure that specific rules, like those allowing critical business communications, are not inadvertently overridden by broader blocking rules further down the list.
Example: Blocking emails with specific keywords
Imagine you want to block emails containing highly sensitive internal project names if they come from external senders, even if those emails aren't flagged by Barracuda's default spam detection. You could create a custom rule to address this specific scenario.
Custom Barracuda Rule Logic
Rule Name: Block_Sensitive_Project_Keywords
Direction: Inbound
Conditions:
- Sender: Is NOT internal
- Subject/Body Contains: "Project X", "Confidential Y", "Internal Z"
Action: Quarantine or Block
Score: (Assign a high score, e.g., 5.0)
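The precedence pitfall described above can be checked before deployment with a small model. The following is an added example, not Barracuda's engine or code from this article: it evaluates an ordered rule list top-down with first match wins, and reports rules that match test mail but never decide the outcome. The domains, the Allow_Partner_Domain rule, and the test messages are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's own domain
KEYWORDS = ("project x", "confidential y", "internal z")  # from the rule above

@dataclass
class Rule:
    name: str
    action: str
    matches: Callable[[dict], bool]

def is_external(msg):
    return not msg["sender"].lower().endswith("@" + INTERNAL_DOMAIN)

def has_keyword(msg):
    text = (msg["subject"] + " " + msg["body"]).lower()
    return any(k in text for k in KEYWORDS)

# The rule from the example above, plus a hypothetical partner allow rule.
block_keywords = Rule("Block_Sensitive_Project_Keywords", "quarantine",
                      lambda m: is_external(m) and has_keyword(m))
allow_partner = Rule("Allow_Partner_Domain", "allow",
                     lambda m: m["sender"].lower().endswith("@partner.example"))

def evaluate(rules, msg, default="deliver"):
    """Top-down, first match wins: return (rule name, action)."""
    for rule in rules:
        if rule.matches(msg):
            return rule.name, rule.action
    return None, default

def shadowed(rules, corpus):
    """Rules that match some test message but never decide its outcome."""
    deciding = {evaluate(rules, m)[0] for m in corpus}
    return [r.name for r in rules
            if r.name not in deciding and any(r.matches(m) for m in corpus)]

# Constructed test corpus
CORPUS = [
    {"sender": "alice@partner.example", "subject": "Project X timeline", "body": "Draft attached."},
    {"sender": "bob@example.com", "subject": "Project X standup", "body": "Notes."},
    {"sender": "eve@unknown.example", "subject": "Hello", "body": "Re: Confidential Y"},
]

if __name__ == "__main__":
    for order in ([block_keywords, allow_partner], [allow_partner, block_keywords]):
        print([r.name for r in order], "shadowed:", shadowed(order, CORPUS))
        print("  partner mail ->", evaluate(order, CORPUS[0]))
```

With the block rule listed first, the partner's message is quarantined and the allow rule is reported as shadowed; reversing the order lets it through while the unknown external sender is still caught.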
Impact on email deliverability and troubleshooting
Barracuda filter rules, while essential for security, can sometimes impact legitimate email deliverability if not configured carefully. Overly aggressive rules, or custom rules that are too broad, might lead to false positives, where valid emails are incorrectly flagged as spam or outright blocked. This is particularly frustrating when you are trying to understand why your emails are blocked by Barracuda even if your IP or domain isn't on a general blocklist.
If you're experiencing email deliverability issues with Barracuda, the first step is often to review the bounce messages. These sometimes contain clues, like specific rule IDs or spam scores. However, detailed explanations for every internal Barracuda rule are not publicly available, so identifying the exact trigger can be challenging. This is where a good relationship with the administrator managing the Barracuda system, or your vendor, becomes invaluable.
When troubleshooting, check if you're hitting any Barracuda blocklist entries, as this is a common reason for delivery failure. Also, consider the content of your emails, including any links. Barracuda (and other corporate filters) are known to follow links in emails, which means the reputation of your linked domains is also assessed.
Key takeaways
Ultimately, Barracuda filter rules are powerful tools for securing email, but their complexity, especially with custom additions, necessitates a detailed understanding for anyone involved in email deliverability. By knowing how these rules are structured and how custom modifications are made, you can better diagnose delivery issues and work towards ensuring your legitimate emails consistently reach the inbox.
Continuous monitoring and proactive engagement with the Barracuda system administrators (or your IT partner) are vital for maintaining optimal email deliverability and avoiding unintended blocks (or blacklists).
Views from the trenches
Best practices
Always maintain detailed documentation of any custom Barracuda rules you create, including their purpose, conditions, and actions, as these are not inherently defined by Barracuda.
Test new custom rules thoroughly in a controlled environment before deploying them to production to prevent unintended blocking of legitimate emails.
Regularly review your Barracuda filter logs to identify trends in blocked or quarantined emails, which can indicate issues with your mail stream or rule configurations.
Common pitfalls
Assuming that all rules with 'Custom Rule' in their name are user-defined, when some may be shipped as part of Barracuda's default rule set.
Creating overly broad custom rules that unintentionally block or quarantine legitimate email traffic, leading to false positives.
Failing to understand the order of precedence for custom rules, causing lower-priority rules to override intended higher-priority actions.
Expert tips
For troubleshooting, examine mail headers for Barracuda-specific scores or rule IDs, which can offer clues about why an email was flagged.
If using a Barracuda appliance, there are often ways to inspect the underlying SpamAssassin configuration for deeper insights into how rules are processed.
When a vendor states they cannot define a custom rule, it often means it's a rule they configured themselves within the Barracuda GUI, not a secret Barracuda rule.
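The header check in the tip above can be scripted. This is an added example, not code from the article or from Barracuda: it reads the score, thresholds, and per-rule points from a message's headers, works out which threshold the aggregate score reached, and labels each rule by the prefixes this page mentions (BSF_ and KAM). The header names and layout are an assumption about what the gateway stamps on filtered mail; the sample message and its rule names are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample. Header layout is an assumption; the BSF_/KAM rule
# names are placeholders, not real rule IDs.
RAW = """\
From: sender@partner.example
To: user@example.com
Subject: Quarterly update
X-Barracuda-Spam-Score: 4.10
X-Barracuda-Spam-Status: No, SCORE=4.10 using global scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=5.0 KILL_LEVEL=9.0 tests=BSF_EXAMPLE_RULE, HTML_MESSAGE, KAM_EXAMPLE_RULE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.00000
\tRule breakdown below
\t pts rule name              description
\t---- ---------------------- ----------------------------------------
\t0.00 HTML_MESSAGE           BODY: HTML included in message
\t2.60 BSF_EXAMPLE_RULE       Placeholder vendor rule
\t1.50 KAM_EXAMPLE_RULE       Placeholder third-party rule

Body text.
"""

ROW = re.compile(r"^\s*(-?\d+\.\d+)\s+(\S+)\s+(.*)$")   # "pts  NAME  description"
PREFIXES = (("BSF_", "Barracuda default"), ("KAM", "third-party"))  # per this page
LEVELS = (("TAG_LEVEL", "tag"), ("QUARANTINE_LEVEL", "quarantine"), ("KILL_LEVEL", "block"))

def origin(rule):
    for prefix, label in PREFIXES:
        if rule.startswith(prefix):
            return label
    return "unclassified: ask the gateway administrator"

def parse(raw):
    msg = message_from_string(raw)
    status = msg.get("X-Barracuda-Spam-Status", "")
    nums = {k: float(v) for k, v in re.findall(r"(\w+)=(-?\d+(?:\.\d+)?)", status)}
    rows = (ROW.match(line) for line in msg.get("X-Barracuda-Spam-Report", "").splitlines())
    rules = sorted(((float(m[1]), m[2], origin(m[2])) for m in rows if m), reverse=True)
    score = nums.get("SCORE")
    outcome = "deliver" if score is not None else "no Barracuda headers"
    for level, name in LEVELS:          # the highest threshold reached wins
        if score is not None and level in nums and score >= nums[level]:
            outcome = name
    return {"score": score, "outcome": outcome, "rules": rules}

if __name__ == "__main__":
    print(parse(RAW))
```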
Marketer view
A marketer from Email Geeks says that Barracuda appliances definitely allow you to add domains and possibly phrases to a custom blocklist, providing granular control over what gets blocked.
2022-03-23 - Email Geeks
Marketer view
A marketer from Email Geeks says that rules starting with 'KAM' are third-party and can often be found online, while those with specific prefixes are mainly in-house Barracuda rules that are constantly changing and not all published.